Victoria Almazova joins David Blank-Edelman to explore the tools for DevSecOps in a CI/CD Pipeline on Azure.
Resources
• WAF Security pillar https://aka.ms/azenable/30/01
• Azure Well-Architected Review https://aka.ms/azenable/30/02
• Secure DevOps https://aka.ms/azenable/30/03
• DevSecOps in Azure https://aka.ms/azenable/30/04
• Secure DevOps Kit for Azure https://aka.ms/azenable/30/05
• Secure Azure pipelines https://aka.ms/azenable/30/06
Related Episodes
• DevSecOps: bringing security into your DevOps practice on Azure https://www.youtube.com/watch?v=9DrRFsnrj7k&list=PLlrxD0HtieHjThIheXKKON1YJA2K2uE-P&index=13
• Improve app security with Application Security Groups https://www.youtube.com/watch?v=iapLro95MO4&list=PLlrxD0HtieHjThIheXKKON1YJA2K2uE-P&index=11
• Better app token security through application roles https://www.youtube.com/watch?v=2L4rzy8h_CI&list=PLlrxD0HtieHjThIheXKKON1YJA2K2uE-P&index=12
To watch more episodes in the Well-Architected Series, check out our playlist: https://aka.ms/azenable/yt/wa-playlist
Explore more cloud enablement resources!
https://www.azure.com/enablement
0:00 Overview
1:09 Let's review what we've learned about DevSecOps so far.
1:55 Why are we focusing only on dependency management and security scanning?
3:17 Is there a way we could see a concrete example of implementing security practices?
5:16 Can you show me a real life example of how this implementation works in Azure DevOps?
7:46 Why do you deploy the ZAP Scanner WebApp after you built the application?
8:43 What is the next stage in the [CI/CD] pipeline, once all the scanning is done?
9:52 How will I know whether the tools find a security vulnerability, and how I get notified?
11:11 By "breaking the build," do we mean the pipeline itself stops when it discovers a vulnerability?
11:35 We've covered credentials scan results. Are there other results to mention?
#Azure #AzureEnablementShow #WellArchitected